Mooflet Privacy Policy.

1. Introduction

Mooflet is a companion app for VanMoof Electrified S2/X2, S3/X3, S5/A5 and S6/S6 Open e-bikes, developed by VanMoofer. Mooflet is an independent third-party application and is not affiliated with, endorsed by, or connected to VanMoof B.V., Cowboy N.V., or their successors.

This Privacy Policy explains what data Mooflet collects, how it is used, and how it is stored. We are committed to your privacy — Mooflet contains no analytics, no tracking, and no ads.

Available on: iOS (16+) and Android (8+).

2. Data We Collect

2.1 Account Information

• VanMoof email and password: Used solely for authentication with VanMoof servers. Your credentials are sent directly to VanMoof's API and are not stored on any Mooflet server.

2.2 Bike Data

• Frame number and MAC address: Retrieved from VanMoof to identify your bike
• Battery level and odometer: Read from your bike via Bluetooth
• Bike settings: Motor assistance level, speed limit, light mode, bell sound, and other configuration

All bike data is stored locally on your device.

2.3 Bluetooth Credentials

• Encryption key pair: Generated for secure bike communication
• Certificates: Obtained from VanMoof for bike authentication

These are stored in the iOS Keychain or Android KeyStore (hardware-backed encrypted storage).

2.4 Location Data

• GPS coordinates: Collected only during active ride tracking
• Ephemeral: Location data is used in real-time for ride statistics and is never uploaded to any server
• On-device only: Route data stays on your device

2.5 Health Data

• Apple Health (iOS): Cycling workouts are written to Apple Health with your permission. Mooflet does not read health data beyond checking for duplicate workouts.
• Google Health Connect (Android): Cycling exercise sessions are written with your permission.

Health data is never transmitted to Mooflet or any external server.

2.6 Music Information

• Currently playing track: Read-only access to display the currently playing song
• Local only: Track information is displayed on-screen and never stored or transmitted

2.7 Preferences

• App settings: Theme, haptic feedback, auto-connect, music player toggle, and other user preferences
• Stored locally: In UserDefaults (iOS) or DataStore (Android)

3. How We Use Your Data

• Bike control: Lock/unlock, motor power, lights, bell, and speed settings via Bluetooth
• Ride tracking: GPS-based route recording, distance, speed, and duration calculations
• Health sync: Writing completed rides as cycling workouts to Apple Health or Google Health Connect
• Music display: Showing currently playing track information during rides
• Authentication: Verifying your VanMoof account and generating bike certificates

4. Data Storage

4.1 iOS

• Keychain: Encrypted credentials, encryption keys, and certificates
• UserDefaults: App preferences and non-sensitive settings
• Shared Keychain group: Shared with the Moofment app for seamless credential access

4.2 Android

• EncryptedSharedPreferences: Encrypted storage for credentials and sensitive data
• DataStore: App preferences and non-sensitive settings
• Android KeyStore: Hardware-backed storage for cryptographic keys

5. Third-Party Services

Mooflet connects to the following external service:

• VanMoof API: Used for account authentication and certificate generation. Your VanMoof email and password are sent to VanMoof's servers to verify your account and obtain bike certificates. No other third-party services are used.

6. No Analytics, No Tracking, No Ads

Mooflet does not include any analytics SDKs, advertising frameworks, crash reporting tools, or third-party tracking of any kind. We do not collect usage statistics, behavioral data, or device fingerprints.

7. Data Sharing

Mooflet does not share your data with anyone, except:

• VanMoof API: Your VanMoof credentials are sent to VanMoof's servers for authentication. This is required to use the app.

No data is sold, rented, or shared with advertisers, data brokers, or any other third parties.

8. Data Retention

• All data is stored locally on your device
• Sign out: Signing out of Mooflet clears all stored credentials, bike data, and cached information
• Uninstall: Removing the app deletes all locally stored data
• No server-side data: Mooflet does not operate its own servers and does not retain any user data remotely

9. Your Rights

Under GDPR, CCPA, and other applicable data protection laws, you have the right to:

• Access: Request information about what data is stored
• Deletion: Delete all data by signing out or uninstalling the app
• Portability: All data is stored on your device and accessible to you
• Objection: You can disable specific features (location, health sync) in device settings

Since all data is stored locally on your device, you have full control. Signing out or uninstalling removes everything.

10. Children's Privacy

Age Requirement: 13+

Mooflet is not intended for children under 13. We do not knowingly collect information from children under 13. Users under 18 who modify speed settings should have parental consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated "Last Updated" date. Continued use of Mooflet after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or your data, contact us at:

Email: [email protected]
Response Time: Usually within 7–14 days